Hired guns = Copy protection ? - Page 2

Hewitson · 13 June 2014, 18:49

Quote:

Originally Posted by brett71

Couldn't someone figure out what Bowen did and then properly crack the game based off that information so that it can be installed to hard disk and work in the way it was intended to be without having to resort to things like WHDLoad?

It would be easy to do a floppy crack using the source for the whdload slave, but whats the point? Who would rather play a game on 5 disks instead of HD?

Arnie · 13 June 2014, 19:11

Quote:

Originally Posted by Hewitson

Who would rather play a game on 5 disks instead of HD?

Either a masochist or no HD

brett71 · 13 June 2014, 20:08

Quote:

Originally Posted by Hewitson

Who would rather play a game on 5 disks instead of HD?

Personally, I wouldn't play it from disk, but the actual point I was making is that I was hoping a crack could be done, incorporating Bowen's fix, that would allow the game to be installed to HD with the stock install script.

But I was also curious about the technique Scott Johnston used to make it so difficult to crack.

Predseda · 14 June 2014, 10:50

Copy protection of Hired guns is a masterpiece, as well as the game itself.

brett71 · 25 June 2014, 21:32

Quote:

Originally Posted by Predseda

Copy protection of Hired guns is a masterpiece, as well as the game itself.

Yes, it is legendary in both respects, but has anyone done an in-depth disassembly of the protection scheme? What made it so seemingly impossible to crack?

StingRay · 25 June 2014, 21:51

The copy protection wasn't anything special, there just were checks if the code had been tampered with and if so the game would do certain "surprising" things. Impossible to crack? Nope! But it did its job back in the day because there were a lot of non-working versions released.

brett71 · 26 June 2014, 16:30

So, in essence, at various points throughout the game, the game would do like an MD5 hash on the copy protection code and if it failed, did weird things? There must have been a bunch of those MD5-style checks for no one to have successfully cracked it back in the day.

mr.vince · 26 June 2014, 17:49

Good protection is embedded during the programming process and not afterwards. A faulty copy will not immediately break, but slightly alter things, which usually render completion impossible.

An RPG is a very good candidate. You can adjust all kinds of things like hit points, energy, strength etc.

The game can spawn more enemies, remove entrances to dungeons and so on.

If now the computation of such checksums is done with varying routines, based on other events that happen later, is buried in a graphics routine etc. this becomes very troublesome to find.

Without ever having seen the code of the game in question - this is what I suspect.

StingRay · 26 June 2014, 17:59

Quote:

Originally Posted by brett71

So, in essence, at various points throughout the game, the game would do like an MD5 hash on the copy protection code and if it failed, did weird things? There must have been a bunch of those MD5-style checks for no one to have successfully cracked it back in the day.

Game performs quite simple checksum checks which are very easy to find if you know what you're doing, I just had a look at the code again after 20 years and found the checks in almost no time. I mean, things like:

Code:

lbC0119E8
    move.l    #'THIS',(a1)
    move.l    #' IS ',(4,a1)
    move.l    #'AN I',(8,a1)
    move.l    #'LLEG',(12,a1)
    move.l    #'AL C',($10,a1)
    move.l    #'OPY ',($14,a1)
    move.b    #0,($18,a1)
    move.l    #$FFFFFFFF,($1E,a1)
    move.w    #1,($1C,a1)
    rts

are dead giveaways!

This one wasn't hard to find either as it was way too obvious what happens:

Code:

    move.l    #$B24D5A75,d1    ; checksum
.check
    move.b    (a0)+,d0
    beq.b    .passed
    eor.b    d1,d0
    ror.l    #8,d1
    cmp.b    (a1)+,d0
    bne.b    .crack
    bra.b    .check

.crack
    movem.l    d1-d7/a0/a1,-(sp)
    lea    (lbL010266),a1
    move.l    a2,a0
    moveq    #0,d5
    moveq    #0,d7
    jsr    (lbC000C82)
    movem.l    (sp)+,d1-d7/a0/a1
    bra.w    lbC010140

.passed
    move.l    a0,-(sp)
    move.l    #lbW01F382,a0
    jsr    (lbC001222)
    move.l    (sp)+,a0
    clr.w    (lbW00275C)
    bsr.w    lbC00FB54
    rts

Plagueis/KRX · 22 September 2014, 02:41

@brett71: I'd say it's less that crackers of the day were confounded and more that they were in a hurry to achieve first release and some people would cut corners on occasion.

mc6809e · 22 September 2014, 04:52

Quote:

Originally Posted by StingRay

The copy protection wasn't anything special, there just were checks if the code had been tampered with and if so the game would do certain "surprising" things. Impossible to crack? Nope! But it did its job back in the day because there were a lot of non-working versions released.

You sound like you might know a thing or two about altering a program for the purpose of, ahem, creating a version for archival purposes.

I seem to recall reading something somewhere about a program that used the blitter to dynamically re-write code to make single-step type debugging next to impossible. As long as the CPU kept ahead of the blitter, everything went fine, but if the CPU slowed or paused for some reason, a blit would alter the code.

Know anything about which program might have done that?

I tried to do a search here for the discussion, but maybe I read about it somewhere else.

Galahad/FLT · 22 September 2014, 18:50

Quote:

Originally Posted by mc6809e

You sound like you might know a thing or two about altering a program for the purpose of, ahem, creating a version for archival purposes.

I seem to recall reading something somewhere about a program that used the blitter to dynamically re-write code to make single-step type debugging next to impossible. As long as the CPU kept ahead of the blitter, everything went fine, but if the CPU slowed or paused for some reason, a blit would alter the code.

Know anything about which program might have done that?

I tried to do a search here for the discussion, but maybe I read about it somewhere else.

Dragons Lair used the blitter for decrypting the main code file if thats remotely what you're talking about

brett71 · 14 October 2014, 16:53

Quote:

Originally Posted by StingRay

Game performs quite simple checksum checks which are very easy to find if you know what you're doing, I just had a look at the code again after 20 years and found the checks in almost no time. I mean, things like:

Any chance you might be willing to do a proper crack of this game? I know there is a working crack out there, I have it, but it's a bit of a kludge and cumbersome when trying to run from a hard disk.

After reading your disassembly of the code, I'm starting to wish I'd learned assembly back in the day.

amiga_Forever · 06 November 2014, 20:16

hehe.... i still like the crazy copy protection used in Amiga games..

To this day, u look back, and u can't believe silly things existed like that that would prevent you from playing a game.

It was effective, but funny

26 June 2014, 17:49	#28
mr.vince Cheesy crust Join Date: Nov 2008 Location: Hawk's Creek Age: 48 Posts: 1,383	Hired guns = Copy protection ? Good protection is embedded during the programming process and not afterwards. A faulty copy will not immediately break, but slightly alter things, which usually render completion impossible. An RPG is a very good candidate. You can adjust all kinds of things like hit points, energy, strength etc. The game can spawn more enemies, remove entrances to dungeons and so on. If now the computation of such checksums is done with varying routines, based on other events that happen later, is buried in a graphics routine etc. this becomes very troublesome to find. Without ever having seen the code of the game in question - this is what I suspect. Last edited by mr.vince; 26 June 2014 at 17:57. Reason: typo

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Hired Guns 2	Altman	request.Old Rare Games	12	19 January 2014 19:23
Hired Guns	Biddy Oldfella	request.Old Rare Games	13	06 November 2006 00:32
hired guns	mangemani	support.Games	6	18 April 2006 18:38
Hired Guns	Unregistered	support.Games	1	04 December 2004 16:49
Hired Guns	Slayer	request.Old Rare Games	1	27 August 2003 21:55

14 June 2014, 10:50	#24
Predseda Puttymoon inhabitant Join Date: Mar 2007 Location: Tromaville Age: 46 Posts: 7,537	Copy protection of Hired guns is a masterpiece, as well as the game itself.

25 June 2014, 21:51	#26
StingRay move.l #$c0ff33,throat Join Date: Dec 2005 Location: Berlin/Joymoney Posts: 6,863	The copy protection wasn't anything special, there just were checks if the code had been tampered with and if so the game would do certain "surprising" things. Impossible to crack? Nope! But it did its job back in the day because there were a lot of non-working versions released.

26 June 2014, 16:30	#27
brett71 Registered User Join Date: May 2010 Location: Ames, IA, USA Posts: 521	So, in essence, at various points throughout the game, the game would do like an MD5 hash on the copy protection code and if it failed, did weird things? There must have been a bunch of those MD5-style checks for no one to have successfully cracked it back in the day.

22 September 2014, 02:41	#30
Plagueis/KRX coder Join Date: Jul 2009 Location: a galaxy far far away Age: 49 Posts: 84	@brett71: I'd say it's less that crackers of the day were confounded and more that they were in a hurry to achieve first release and some people would cut corners on occasion.

06 November 2014, 20:16	#34
amiga_Forever Users Awaiting Email Confirmation Join Date: Mar 2011 Location: kkhkj Posts: 323	hehe.... i still like the crazy copy protection used in Amiga games.. To this day, u look back, and u can't believe silly things existed like that that would prevent you from playing a game. It was effective, but funny

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)